diff --git a/main/forum/viewthread_flat.inc.php b/main/forum/viewthread_flat.inc.php index b92891eb66..e7351bca5d 100755 --- a/main/forum/viewthread_flat.inc.php +++ b/main/forum/viewthread_flat.inc.php @@ -14,6 +14,10 @@ if (isset($current_thread['thread_id'])){ $rows=get_posts($current_thread['thread_id']); $increment=0; + + $clean_forum_id = intval($_GET['forum']); + $clean_thread_id = intval($_GET['thread']); + foreach ($rows as $row) { echo ''; // the style depends on the status of the message: approved or not @@ -50,16 +54,16 @@ if (isset($current_thread['thread_id'])){ // The course admin him/herself can do this off course always if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { if (api_is_allowed_to_session_edit(false,true)) - echo "".icon('../img/edit.gif',get_lang('Edit')).""; + echo "".icon('../img/edit.gif',get_lang('Edit')).""; } if ($origin != 'learnpath') { if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) { - echo "".icon('../img/delete.gif',get_lang('Delete')).""; - display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'origin'=>$origin )); + echo "".icon('../img/delete.gif',get_lang('Delete')).""; + display_visible_invisible_icon('post', $row['post_id'], $row['visible'],array('forum'=>$clean_forum_id,'thread'=>$clean_thread_id, 'origin'=>$origin )); echo ""; if ($increment>0) { - echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost')).""; + echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost')).""; } } } 
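Review bot: The new `$clean_forum_id = intval($_GET['forum']);` and `$clean_thread_id = intval($_GET['thread']);` read both keys without an isset guard, so a request missing either parameter raises an undefined-index notice and silently yields 0, which is then baked into every link the loop emits. A guarded form such as `$clean_forum_id = isset($_GET['forum']) ? (int) $_GET['forum'] : 0;` (and the same for `thread`) makes the fallback explicit, and rejecting a 0 id before the loop would be safer than rendering edit/delete links that point at forum 0. The identical pair of lines is added to the nested and threaded views and would take the same guard. The enclosing `if (isset($current_thread['thread_id']))` block starts before this hunk and continues past it.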
@@ -70,12 +74,12 @@ if (isset($current_thread['thread_id'])){ if (api_is_allowed_to_edit(null,true) && $origin != 'learnpath') { if( isset($_GET['gradebook'])){ if ($increment>0 && $user_status!=1 ) { - $info_thread=get_thread_information(Security::remove_XSS($_GET['thread'])); - echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; + $info_thread=get_thread_information($clean_thread_id); + echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; } } else { if ($increment>0 && $user_status!=1 ) { - echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; + echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; } } } @@ -83,8 +87,8 @@ if (isset($current_thread['thread_id'])){ if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) { if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) { if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) { - echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage')).""; - echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage')).""; + echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage')).""; + echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage')).""; } } } else { @@ -131,7 +135,7 @@ if (isset($current_thread['thread_id'])){ echo ' "> '.$user_filename.' '; echo ''.$attachment_list['comment'].''; if (($current_forum['allow_edit']==1 AND $row['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; + echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; } echo ''; } diff --git a/main/forum/viewthread_nested.inc.php b/main/forum/viewthread_nested.inc.php index 2de988d31e..4d4a0b891d 100755 --- a/main/forum/viewthread_nested.inc.php +++ b/main/forum/viewthread_nested.inc.php @@ -24,6 +24,10 @@ if ((isset($_GET['action']) && $_GET['action']=='delete_attach') && isset($_GET[ $rows=get_posts($_GET['thread']); // note: this has to be cleaned first $rows=calculate_children($rows); $count=0; + +$clean_forum_id = intval($_GET['forum']); +$clean_thread_id = intval($_GET['thread']); + foreach ($rows as $post) { // the style depends on the status of the message: approved or not if ($post['visible']=='0') { @@ -57,14 +61,14 @@ foreach ($rows as $post) { // The user who posted it can edit his thread only if the course admin allowed this in the properties of the forum // The course admin him/herself can do this off course always if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - echo "".icon('../img/edit.gif',get_lang('Edit')).""; + echo "".icon('../img/edit.gif',get_lang('Edit')).""; } if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) { - echo "".icon('../img/delete.gif',get_lang('Delete')).""; - display_visible_invisible_icon('post', $post['post_id'], $post['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']) )); + echo "".icon('../img/delete.gif',get_lang('Delete')).""; + display_visible_invisible_icon('post', $post['post_id'], $post['visible'],array('forum'=>$clean_forum_id,'thread'=>$clean_thread_id )); echo ""; if ($count>0) { - echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost')).""; + echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost')).""; } } $userinf=api_get_user_info($post['user_id']); 
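Review bot: The attachment block in the flat view still prints `echo ''.$attachment_list['comment'].'';` without any escaping, while the threaded view's equivalent line in this same commit goes through `Security::remove_XSS($attachment_list['comment'], STUDENT)`; a user-supplied attachment comment is exactly the kind of value this commit is hardening, so the flat (and nested) copies should be brought in line with `echo ''.Security::remove_XSS($attachment_list['comment'], STUDENT).'';`. Whether the comment is already sanitised on upload is not visible here, so treat this as a defence-in-depth fix rather than a confirmed XSS. The enclosing `foreach ($rows as $row)` loop and the outer `if (isset($current_thread['thread_id']))` begin before this hunk.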
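Review bot: In viewthread_nested.inc.php the line `$rows=get_posts($_GET['thread']); // note: this has to be cleaned first` is left passing the raw query parameter even though the commit introduces `$clean_thread_id = intval($_GET['thread']);` two lines below it, so the comment's own warning is still unaddressed. Moving the two `$clean_*` assignments above the `get_posts` call and changing it to `$rows=get_posts($clean_thread_id);` would close that gap and let the comment be dropped. Whether get_posts() casts its argument internally cannot be seen from this hunk, so the cast at the call site is the safe default.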
@@ -72,7 +76,7 @@ foreach ($rows as $post) { if (api_is_allowed_to_edit(null,true)) { if ($count>0 && $user_status!=1) { $current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$post['user_id'],$_GET['thread']); - echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; + echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; } } //echo '

'; @@ -80,8 +84,8 @@ foreach ($rows as $post) { if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $current_thread['locked']==0 OR api_is_allowed_to_edit(false,true)) { if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) { if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) { - echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage')).""; - echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage')).""; + echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage')).""; + echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage')).""; } } } else { @@ -129,7 +133,7 @@ foreach ($rows as $post) { echo ' "> '.$user_filename.' '; echo ''.$attachment_list['comment'].''; if (($current_forum['allow_edit']==1 AND $post['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
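Review bot: The changed qualify line still sits under `$current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$post['user_id'],$_GET['thread']);`, which passes the raw `$_GET['forum']` and `$_GET['thread']` even though `$clean_forum_id` and `$clean_thread_id` are now in scope; the call should become `show_qualify('1',$_GET['cidReq'],$clean_forum_id,$post['user_id'],$clean_thread_id);`. The same un-cleaned show_qualify() call appears in viewthread_threaded.inc.php's qualify hunk and needs the same treatment. `$_GET['cidReq']` is also passed raw here; it is presumably validated by the course bootstrap, but that is not visible in this diff.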
'; + echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; } echo ''; } diff --git a/main/forum/viewthread_threaded.inc.php b/main/forum/viewthread_threaded.inc.php index 130172dcbf..ffdcf46760 100755 --- a/main/forum/viewthread_threaded.inc.php +++ b/main/forum/viewthread_threaded.inc.php @@ -53,6 +53,10 @@ $thread_structure="
".get_lang('Structure')."
"; $counter=0; $count=0; $prev_next_array=array(); + +$clean_forum_id = intval($_GET['forum']); +$clean_thread_id = intval($_GET['thread']); + foreach ($rows as $post) { $counter++; $indent=$post['indent_cnt']*'20'; @@ -83,7 +87,7 @@ foreach ($rows as $post) { $class=''; } $count_loop=($count==0)?'&id=1' : ''; - $thread_structure.= "".prepare4display($post['post_title']).""; + $thread_structure.= "".prepare4display($post['post_title']).""; $prev_next_array[]=$post['post_id']; } $count++; 
@@ -112,10 +116,10 @@ $prev_img = Display::return_icon('action_prev.png',get_lang('PrevMessage'), arr $next_img = Display::return_icon('action_next.png',get_lang('NextMessage'), array('style' => 'vertical-align: middle;')); // links -$first_href = 'viewthread.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&gradebook='.$gradebook.'&origin='.$origin.'&id=1&post='.$prev_next_array[0]; -$last_href = 'viewthread.php?'.api_get_cidreq()."&forum=".Security::remove_XSS($_GET['forum'])."&thread=".Security::remove_XSS($_GET['thread'])."&gradebook='.$gradebook.'&origin=".$origin."&post=".$prev_next_array[$max-1]; -$prev_href = 'viewthread.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&gradebook='.$gradebook.'&origin='.$origin.'&post='.$prev_next_array[$prev_id]; -$next_href = 'viewthread.php?'.api_get_cidreq().'&forum='.Security::remove_XSS($_GET['forum']).'&thread='.Security::remove_XSS($_GET['thread']).'&gradebook='.$gradebook.'&origin='.$origin.'&post='.$prev_next_array[$next_id]; +$first_href = 'viewthread.php?'.api_get_cidreq().'&forum='.$clean_forum_id.'&thread='.$clean_thread_id.'&gradebook='.$gradebook.'&origin='.$origin.'&id=1&post='.$prev_next_array[0]; +$last_href = 'viewthread.php?'.api_get_cidreq()."&forum=".$clean_forum_id."&thread=".$clean_thread_id."&gradebook='.$gradebook.'&origin=".$origin."&post=".$prev_next_array[$max-1]; +$prev_href = 'viewthread.php?'.api_get_cidreq().'&forum='.$clean_forum_id.'&thread='.$clean_thread_id.'&gradebook='.$gradebook.'&origin='.$origin.'&post='.$prev_next_array[$prev_id]; +$next_href = 'viewthread.php?'.api_get_cidreq().'&forum='.$clean_forum_id.'&thread='.$clean_thread_id.'&gradebook='.$gradebook.'&origin='.$origin.'&post='.$prev_next_array[$next_id]; echo '
'; //go to: first and previous @@ -186,12 +190,12 @@ $id_attach = !empty($attachment_list)?$attachment_list['id']:''; // The course admin him/herself can do this off course always if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - echo "".icon('../img/edit.gif',get_lang('Edit')).""; + echo "".icon('../img/edit.gif',get_lang('Edit')).""; } if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session'])) { - echo "".icon('../img/delete.gif',get_lang('Delete')).""; - display_visible_invisible_icon('post', $rows[$display_post_id]['post_id'], $rows[$display_post_id]['visible'],array('forum'=>Security::remove_XSS($_GET['forum']),'thread'=>Security::remove_XSS($_GET['thread']), 'post'=>Security::remove_XSS($_GET['post']) )); + echo "".icon('../img/delete.gif',get_lang('Delete')).""; + display_visible_invisible_icon('post', $rows[$display_post_id]['post_id'], $rows[$display_post_id]['visible'],array('forum'=>$clean_forum_id,'thread'=>$clean_thread_id, 'post'=>Security::remove_XSS($_GET['post']) )); echo ""; //verified the post minor $my_post=get_posts($_GET['thread']); @@ -207,7 +211,7 @@ if (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_f $post_minor=(int)$id_posts[0]; $post_id = isset($_GET['post'])?(int)$_GET['post']:0; if (!isset($_GET['id']) && $post_id>$post_minor) { - echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost')).""; + echo "".icon('../img/deplacer_fichier.gif',get_lang('MovePost')).""; } } $userinf=api_get_user_info($rows[$display_post_id]['user_id']); 
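Review bot: The rewritten `$last_href` line has a quoting error the commit carries over: the fragment `"&gradebook='.$gradebook.'&origin=".$origin` is a single double-quoted literal, so the generated URL contains the literal characters `'.` and `.'` around the gradebook value instead of concatenating it, and the link is not equivalent to the three sibling hrefs built on the surrounding lines. It should read `."&gradebook=".$gradebook."&origin=".$origin."&post=".$prev_next_array[$max-1];` like `$first_href`, `$prev_href` and `$next_href`. Separately, `$gradebook` and `$origin` are concatenated into all four hrefs unencoded; if they originate from the request (not visible here) they should be cast or `urlencode()`d the way forum and thread now are.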
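Review bot: The visibility-icon call keeps `'post'=>Security::remove_XSS($_GET['post'])` while a few lines later the same parameter is handled as `$post_id = isset($_GET['post'])?(int)$_GET['post']:0;`, so the hunk treats one numeric id two different ways; adding `$clean_post_id = isset($_GET['post']) ? (int) $_GET['post'] : 0;` next to the other `$clean_*` variables and using it in both places would be consistent with the rest of the commit. The line `$my_post=get_posts($_GET['thread']);` in the same hunk also still passes the raw query value although `$clean_thread_id` is available. The surrounding `if (api_is_allowed_to_edit(false,true) && …)` block begins before this hunk and is closed after it.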
@@ -218,7 +222,7 @@ if (api_is_allowed_to_edit(null,true)) { if($user_status!=1) { $current_qualify_thread=show_qualify('1',$_GET['cidReq'],$_GET['forum'],$rows[$display_post_id]['user_id'],$_GET['thread']); - echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; + echo "".icon('../img/new_test_small.gif',get_lang('Qualify')).""; } } } @@ -229,8 +233,8 @@ if ($current_forum_category['locked']==0 AND $current_forum['locked']==0 AND $cu if ($_user['user_id'] OR ($current_forum['allow_anonymous']==1 AND !$_user['user_id'])) { if (!api_is_anonymous() && api_is_allowed_to_session_edit(false,true)) { - echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage')).""; - echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage')).""; + echo ''.Display :: return_icon('message_reply_forum.png', get_lang('ReplyToMessage')).""; + echo ''.Display :: return_icon('quote.gif', get_lang('QuoteMessage')).""; } } } @@ -286,7 +290,7 @@ if (!empty($attachment_list)) { echo ' "> '.$user_filename.' '; echo ''.Security::remove_XSS($attachment_list['comment'], STUDENT).''; if (($current_forum['allow_edit']==1 AND $rows[$display_post_id]['user_id']==$_user['user_id']) or (api_is_allowed_to_edit(false,true) && !(api_is_course_coach() && $current_forum['session_id']!=$_SESSION['id_session']))) { - echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; + echo '  '.Display::return_icon('delete.gif',get_lang('Delete')).'
'; } echo ''; }